[Air-l] social network migration

Michael Zimmer michael.zimmer at nyu.edu
Mon Jul 9 18:29:31 PDT 2007 

Thanks for the question, Gail. Before I tackle it, two things to get  
out of the way:

(1) I was imprecise when I said "Google is...working on a social  
networking platform...".  The work is being done by grad students at  
CMU (thus the URL I linked to), and Google is sponsoring the work.  
Based on the CMU site, they seem to be taking some kind of  
"direction" from our friends in Mountain View ("Directed to help  
improve the online community orkut..."), but the research & demo is  
the fruit of CMU's labor, not Google's. If anyone know what the  
nature of these kinds of relationships are (contractual?), I'd love  
to learn more. (Thanks, Eszter, for pointing out my error)

(2) As a preface to my response to Gail's question below, I am not a  
lawyer. I'm just lucky to be able to work alongside some great legal  
(as well as other non-legal) minds up at Yale's ISP. Further, I  
haven't had the time to spend a lot of intellectual energy on these  
ideas, so my answer will be kinda rough around the edges...

Those said...

The notion of businesses entering into agreements with other  
businesses to share personal information about their users (and  
online practices) is nothing new. I recently bought some items from  
Babies R Us, and they required my phone number in order to process  
the transaction. I decided to give it to them, and suddenly I'm on  
the mailing list for a dozen various baby retailers (power of reverse  
look-up directories). Businesses have been selling customer lists and  
purchasing habits long before Amazon or Google got into the game.

In terms of legal issues, it seems that business (contractual)  
agreements are often the ONLY thing regulating the flow of personal  
information in these contexts. There are very few (U.S.) laws  
limiting the flow of personal information among companies, and those  
that do exist are for very specific data sets (library records,  
medical records, video rental records, etc). The only limits are self- 
imposed by the companies themselves, and more often than not, the  
"privacy policies" and EULAs we sign off on are much more about how  
they WILL share our information as opposed to how they will PROTECT  
our privacy. IE, when we sign up for our "frequent shopper cards"  
we're signing a business agreement that includes in the fine print  
our acceptance of the fact that the data will be shared with "trusted  
partners" or some fluff like that. Facebook has similar language in  
their Privacy Policy: "We may offer stores or provide services  
jointly with other companies on Facebook. ...and we may share  
customer information with that company in connection with your use of  
that store or service."

Unfortunately the norm is for the flow of personal information to be  
much more in the control of business interests than the individuals  
themselves. We have little choice in the matter that Choicepoint has  
aggregated all of our financial information, and once we sign up for  
our Facebook account we allow that business agreement to dictate how  
Facebook will handle our information as well.

Gail seems to suggest that Socialstream's aggregation of social  
network information from other services via "business agreements"  
among the parties constitutes a "major change in practice from the  
manner in which users are currently using Google services." Well, I  
suppose so, but maybe not in the way Gail is suggesting. As more and  
more users migrate to "Planet Google" to fulfill their needs for  
information seeking, shopping, news, blogging, browsing,  
spreadsheets, e-mail, chat, and so on, we provide Google singular  
access to all that information in about our lives. Rather than being  
dispersed among various services (both online and off), for many  
people, all such activities are linked through a common Google  
Account and/or cookie.[1] So, it seems that for users currently using  
Google services, acquiescence in the collection of personal  
information by Google has already taken place. Perhaps Socialstream  
is Google's attempt to gain access to even more of "all the world's  
information" that is currently beyond their reach. While users of  
Facebook might presume that their actions aren't visible to Google's  
crawlers (see [2] for a possible exception), a service like  
Socialstream would mean even actions on non-Google properties could  
be captured by Larry & Sergey.

This leads to what I see as the real possible danger here. Users of  
various social networking services might be working on the assumption  
that their activities on a particular site remain there - that they  
are bound by the context of that environment and culture. By allowing  
all that activity to be aggregated by some third party, any  
contextual integrity of those actions might be violated. This is  
similar to concerns about Facebook opening up their databases via an  
API framework.[3] (A key design feature to avoid this is allow  
individual users to opt-in to such an aggregation of their site- 
specific activities by off-site services).

In general, I can see two different situations emerging form such a  
social network aggregation schema as Socialstream: (a) users gain  
more control of their social networking data. They have a single  
repository of all their personal information, and selectively dole  
out which sites get what pieces of data, etc. ; or (b) Single  
entities (such as Google) obtain the power to aggregate users  
activities that are currently dispersed across numerous platforms,  
threatening the ability of users to control who has access to their  
personal information. Which way the bottle will point once it stops  
spinning, I don't know....

I feel I am now officially rambling, so I'll cut myself off at this  
point. Not even sure if I've truly addressed Gail's concerns, but  
that's my initial stream of consciousness rant on the issues....

-michael.

[1] Google isn't alone in capturing a wide array of user data for  
their benefit. See this on Yahoo's recent SmartAds launch: http:// 
michaelzimmer.org/2007/07/04/with-smartads-yahoo-finally-joins- 
googleas-a-threat-to-privacy/
[2] http://michaelzimmer.org/2007/05/29/facebook-allowing-profiles-to- 
be-crawled-by-google/
[3] As discussed by me at http://michaelzimmer.org/2007/05/25/ 
personal-data-flows-and-apis/ and by Fred Stutzman at http:// 
chimprawk.blogspot.com/2007/05/facebook-platform-analysis.html

-----
Michael Zimmer, PhD
Microsoft Fellow, Information Society Project, Yale Law School
e: michael.zimmer at nyu.edu
w: http://michaelzimmer.org



On Jul 9, 2007, at 10:01 AM, 'Gail Taylor wrote:

> Michael Zimmer wrote: "Returning to this discussion, Google is  
> (surprise) working on a social networking platform called  
> Socialstream, which would "draw content from a variety of sources.  
> Socialstream would be based on a unified social network (USN), a  
> single network that provides social data to other sites as a  
> service. A service model allows many social networks to be linked  
> together, letting them share both content and the nature of the  
> relationships of the people who use them."
>
> I'm wondering whether Michael might share some insights about legal  
> issues that will need to be addressed by businesses who enter into  
> agreements with others businesses to share personal information  
> about their users and online practices. In reading through  
> information presented about the Google product, it was suggested  
> that user actions would be regulated by business agreements. many  
> decisions are going to be made for individual users would be made  
> for the user by the business owners and operators. It was suggested  
> that users would only need to specify, "as an afterthought", who  
> would be able to see personal informaton and what services would  
> host it. This is a major change in practice from the manner in  
> which users are currently using Google services, particularly those  
> related to the capture and exchange of personal information with  
> other entities (government agencies including law enforcement,  
> public and private sector businesses, private citizens).
>
> /Gail
>
> ---------------------------------------
> Gail D. Taylor, M.Ed.
> University of Illinois Urbana-Champaign
> Human Resource Education Ph.D. Student
> Educational Psychology Teaching Assistant
> Library & Information Science Research Assistant
>
> "Technology enables man to gain control
> over everything except technology." --
> Unknown
> _______________________________________________
> The air-l at listserv.aoir.org mailing list
> is provided by the Association of Internet Researchers http://aoir.org
> Subscribe, change options or unsubscribe at: http:// 
> listserv.aoir.org/listinfo.cgi/air-l-aoir.org
>
> Join the Association of Internet Researchers:
> http://www.aoir.org/

More information about the Air-L mailing list